I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document is titled "Concepts and Terminology for Peer to Peer SIP", and as such would have no security considerations, as noted in the document. However, this document describes how to discover which host a client is at, instead of using a SIP proxy, by using a peer-to-peer network and DHT.

I'd have liked a motivation for why this would be a preferable mechanism. It seems like it would be less secure, in that more things will need to be trusted. And furthermore, as this document says in section 5.4:

"The P2PSIP WG does not impose a particular mechanism for how the peer-ID and the credentials are obtained, but the RELOAD protocol does specify the format for the configuration information."

I'd think the hard problems would be things like who to get a credential from for joining the peer-to-peer group of proxies, and how that entity would decide whether you should be trusted to join the peer-to-peer group. And if there is such a trusted entity (a central administration), why wouldn't the whole discovery process be more centralized?

Also, with a peer-to-peer DHT, it seems like there are more things that need to be trusted. Any of them acting maliciously can cause incorrect answers. Admittedly, I didn't read all the background documents.

There's a minor typo in section 2.2, clearly a cut and paste error: "A special peer may be a member of the in the P2PSIP overlay"

Radia